Commit Graph

2869 Commits

Author SHA1 Message Date
Michael Braun
80ebfd9527 VLAN: Avoid access to non-existing interfaces
Currently, hostapd_get_vlan_id_ifname() is used to determine if a given
vlan is valid *and* to actually determine the interface. This leads to
wpa_set_keys() sometimes setting the key on the wildcard interface name,
which does not make sense.

This patch therefore adds hostapd_vlan_id_valid() and makes
hostapd_get_vlan_id_ifname() not return a wildcard interface.

Signed-hostap: Michael Braun <michael-dev@fami-braun.de>
2013-06-25 12:03:02 +03:00
Michael Braun
4345fe963e bridge: Track inter-BSS usage
Currently, struct hostapd_vlan is a per-BSS data structure which
also contains informations about whether to remove the bridge
or clear wlan / tagged-vlan interface from the bridge.

In a multi-interface multi-BSS setup, this can lead to the following
race condition:
 1. wlan0 creates VLAN A, sets DVLAN_CLEAN_BR and DVLAN_CLEAN_VLAN_PORT
 2. wlan1 creates VLAN A, does not set DVLAN_CLEAN_BR and
    DVLAN_CLEAN_VLAN_PORT as already there
 3. wlan0 removes VLAN A, removes tagged-interface from the bridge
    but not the bridge.
    Now wlan1 VLAN A is unusable due to the missing uplink.
 4. wlan1 removes VLAN A, does not cleanup

Solution:
This requires an inter-BSS inter-interface data structure to track the
bridge / bridge port usage within hostapd. This data structure could
also be used to track any other device-has-been-created-by-hostapd
information or when regarding interface freeing.

Signed-hostap: Michael Braun <michael-dev@fami-braun.de>
2013-06-25 12:00:10 +03:00
Michael Braun
459eee923c bridge: Use safe default bridge interface
Currently by default, all BSS share the bridge brvlan%d.
While this is sane when no tagged-interface is given, this
is insane when different tagged interfaces are given, as
it would result in bridging those tagged interfaces.

This patch therefore uses br%s%d with %s=tagged_interface
and %d=VLAN ID as bridge name when a tagged-interface is given.

Signed-hostap: Michael Braun <michael-dev@fami-braun.de>
2013-06-25 11:10:00 +03:00
Michael Braun
2aaeedfa07 bridge: Give bridge name in per-bss configuration
Currently, when different BSS using different tagged vlan
interfaces, they are forced to share the bridge brvlan#,
which is not desirable.

This patch fixes this by making the bridge name configurable.

Signed-hostap: Michael Braun <michael-dev@fami-braun.de>
2013-06-25 11:09:01 +03:00
Andrei Otcheretianski
9578329874 Add AVG_RSSI report in signal_poll
Add AVG_RSSI report to the signal_poll command if it is reported by
the kernel.

Signed-hostap: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Signed-hostap: Ilan Peer <ilan.peer@intel.com>
2013-06-22 12:01:05 +03:00
Andrei Otcheretianski
2cc8d8f4e8 Add bandwidth and center freq info to signal_poll
Signed-hostap: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Signed-hostap: Ilan Peer <ilan.peer@intel.com>
2013-06-22 12:00:46 +03:00
David Spinadel
2090a0b42e nl80211: Add prints for kernel events
Add prints for kernel event, including the event ID and event string.

Signed-hostap: David Spinadel <david.spinadel@intel.com>
Signed-hostap: Ilan Peer <ilan.peer@intel.com>
2013-06-22 11:12:48 +03:00
Sunil Dutt
87436760a2 TDLS: Validate ext_supp_rates in copy_supp_rates
The ext_supp_rates passed to merge_byte_arrays would be invalid if not
advertized by the TDLS peer. Thus, validate the argument to avoid
crashes in such cases.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-06-20 15:10:15 +03:00
Jouni Malinen
85b4eac364 P2P: Do not reply to 802.11b-only Probe Request frames as GO
If AP mode SME/MLME within wpa_supplicant is used for processing Probe
Request frames in GO mode, drop Probe Request frames that include only
802.11b rates per P2P spec section 2.4.1.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-06-19 19:16:23 +03:00
Kyeyoon Park
4331263b73 Fix session timeout after ANQP dummy STA entry with SME-in-driver
Upon association, disable the timer that removes the dummy STA. This
timer caused the STA that associates within 5 seconds of doing an ANQP
query to disassociate, thinking it's a dummy STA. Similar call was
already there for the SME/MLME-in-hostapd case in handle_auth(), but the
SME-in-driver case was not previously addressed.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-06-18 17:40:51 +03:00
Jouni Malinen
aa20e1a1fb Remove CONFIG_NO_WPA2 build parameter
There is not much use for enabling WPA without WPA2 nowadays since most
networks have been upgraded to WPA2. Furthermore, the code size savings
from disabling just WPA2 are pretty small, so there is not much
justification for maintaining this build option. Remove it to get rid of
undesired complexity.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-06-07 20:13:25 +03:00
Jouni Malinen
84ae1d44ca Fix WNM build without WPA2
Commit ae8535b6e1 added a new function
wpa_sm_pmf_enabled() which is called from WNM code without ifdefs.
Define a dummy wrapper for this function to fix build if WPA2 is
disabled.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-06-07 20:02:50 +03:00
Jouni Malinen
c33d5eb063 Fix build without WPA2 or EAP
Commit 4033935dd9 updated
pmksa_cache_flush() function arguments, but forgot to update the wrapper
function for cases where WPA2 or EAP has been disabled in the build.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-06-07 20:01:10 +03:00
Vivek Natarajan
8f395284bd P2P: Modify wait time in INVITE state based on Tx status of INV-REQ
In a noisy enviromment, some peers can be slow to respond to the
invitation request frames which may lead to unnecessary state timeout.
Increase this timeout to 350 ms to improve the probabilty of
successfully receiving the invitation response frames.

Signed-hostap: Vivek Natarajan <nataraja@qca.qualcomm.com>
2013-06-03 21:30:34 +03:00
Jouni Malinen
e112764e6d nl80211: Use NL80211_ATTR_PEER_AID to set TDLS peer AID
This is needed for TDLS with VHT to allow partial AID to be set
correctly for the direct link frames. cfg80211 validation rules
prevented NL80211_ATTR_STA_AID from being used for this in set_station
case, so the new attribute is used instead.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-05-30 10:25:23 +03:00
Jouni Malinen
f8a5fd4243 Synchronize with wireless-testing.git include/uapi/linux/nl80211.h
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-05-30 10:22:47 +03:00
Jouni Malinen
9b1693a162 WPS: Allow Device Password Id changes between PIN methods
Commit b4a17a6ea7 added support for the
WPS Registrar to change the Device Password based on WSC specification
design. However, this added validation for Registrar behavior which
resulted in preventing a common P2P use case from working. Relax the
validation rules for builds with P2P enabled to allow the Enrollee (P2P
client) accepting M1/M2 changes in Device Password Id between Default
and Registrar-specified PIN.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-05-28 00:35:47 +03:00
Jouni Malinen
1ba51ec02b nl80211: Add debug print for set_supp_port operation
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-05-27 20:32:54 +03:00
Jouni Malinen
add9b7a46a nl80211: Ignore deauth/disassoc event from old AP
It looks like cfg80211 can deliver a deauth/disassoc event during some
roaming cases while we are already in progress with a new
authentication/association. This happens at least with FT protocol.
Avoid issues with such disconnection event resulting in core
wpa_supplicant stopping the new connection attempt by tracking
auth/assoc BSSID more carefully within driver_nl80211.c and filtering
out events that do not apply for the current AP.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-05-27 20:10:57 +03:00
Jouni Malinen
b54c9ff9ce FT: Fix TKIP group key configuration in FT protocol
The Michael MIC TX and RX keys needs to be swapped in the FT case just
like in all other TKIP key configuration cases. This fixes issues where
TKIP as group cipher resulted in Michael MIC failures being detected for
each received group-addressed frame after FT protocol use.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-05-24 16:03:54 +03:00
Jouni Malinen
3cb953e4b6 Do not set driver MAC ACL unless driver supports this
This cleans up debug log by not including comments about failed
operations in case the operation is known to fail due to not being
supported by the driver.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-05-24 13:37:22 +03:00
Vivek Natarajan
3c4ca36330 hostapd: Support MAC address based access control list
Enable MAC address based ACL for the drivers which advertise
this capabilty with NL80211_ATTR_MAC_ACL_MAX. Either of blacklist
or whitelist is supported, though, not simultaneously.

Signed-hostap: Vivek Natarajan <nataraja@qca.qualcomm.com>
2013-05-24 13:26:35 +03:00
Jouni Malinen
ae8535b6e1 WNM: Make ESS Disassoc Imminent event more convenient to use
Define a proper event prefix and include additional information to allow
ESS Dissassociation Imminent event to be used in a wpa_cli action
script.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-05-23 16:51:03 +03:00
Jouni Malinen
7b53acd395 WNM: Use defines for BSS Trans Mgmt field values
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-05-23 16:50:39 +03:00
Jouni Malinen
901d1fe1e5 WNM: Remove PMKSA cache entry on ESS disassoc imminent notification
This is needed to avoid allowing the STA to reconnect using a cached
PMKSA. ESS disassoc imminent notification is normally used to indicate
that the STA session will be terminated and as such, requiring full
authentication through the authentication server after this is needed.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-05-23 16:50:06 +03:00
Sean Lin
72728c6fa8 P2P: Relax channel forcing for invitation processing with MCC support
When STA interface is connected and P2P interface gets invited in a
different channel from previous P2P group, the invitiation would fail
because of no common channel found. Fix this by using different logic
when device support multi channel concurrency.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-05-22 13:29:46 +03:00
Jouni Malinen
4033935dd9 Fix OKC-based PMKSA cache entry clearing
Commit c3fea27274 added a call to clear
all other PMKSA cache entries for the same network if the PMKSA cache
entry of the current AP changed. This was needed to fix OKC cases since
the other APs would likely use the new PMK in the future. However, this
ended up clearing entries in cases where that is not desired and this
resulted in needing additional full EAP authentication with networks
that did not support OKC if wpa_supplicant was configured to try to use
it.

Make PMKSA cache entry flushing more limited so that the other entries
are removed only if they used the old PMK that was replaced for the
current AP and only if that PMK had previously been used successfully
(i.e., opportunistic flag was already cleared back to 0 in
wpa_supplicant_key_neg_complete()). This is still enough to fix the
issue described in that older commit while not causing problems for
standard PMKSA caching operations even if OKC is enabled in
wpa_supplicant configuration.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-05-22 13:24:30 +03:00
Jouni Malinen
1045ec36a3 nl80211: Add couple of additional iftypes to debug prints
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-05-21 16:51:06 +03:00
Sunil Dutt
2cadc8e1e5 TDLS: Retry TDLS Setup Response more quickly
TDLS responder STA used to retransmit the TDLS Setup Response after 5
seconds if the TDLS Setup Confirm is not received. The initiator would
have enabled the TDLS link and started transmitting the data to the peer
on the TDLS link after transmitting the TDLS Setup Confirm frame. If the
TDLS Setup Confirm frame is not received by the receiver, the
transmissions from the initiator on the direct link would get failed for
the TDLS link not getting enabled on the receiver. This commit reduces
the data delivery failure duration by shortening the retry time of the
TDLS Setup Response frames. The retry limit of the TDLS Response frame
also is increased to ensure that the peer does not miss the frames in
the reduced time period.

Signed-hostap: Sunil Dutt <duttus@codeaurora.org>
2013-05-20 21:30:27 +03:00
Kyeyoon Park
d5b559b641 WNM: Add disassociation timeout processing for ESS_DISASSOC
The hostapd_cli ess_disassoc command now takes three arguments (STA MAC
address, timeout in ms, URL) and the STA is disconnected after the
specified timeout.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-05-20 11:13:40 +03:00
Jouni Malinen
c4bf83a723 P2P: No duplicate AP-STA-CONNECTED/DISCONNECTED as global event
These events are sent as a special case to both the group interface and
"parent interface" (i.e., the interface that was used for managing P2P
negotiation). The latter is not really correct event, so get rid of it
with the new global control interface design where there is no need to
support legacy upper layer implementations.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-05-18 19:18:31 +03:00
Jouni Malinen
7793c959e6 Clean up AP-STA-CONNECTED/DISCONNECTED prints
Use shared code to print the parameters so that they do not need to be
generated four times separately.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-05-18 19:09:41 +03:00
Jouni Malinen
ed496f131f P2P: Clean up debug prints
Replace direct wpa_msg() calls with p2p_dbg(), p2p_info(), and p2p_err()
calls that use a new debug_print() callback to handle actual debug
printing outside the P2P module.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-05-18 18:47:36 +03:00
Jouni Malinen
710ae9ac1f P2P: Move p2p_find stopped event message into p2p_supplicant.c
This removes wpa_ctrl.h dependency from src/p2p/* and makes the P2P
events more consistent, i.e., everything that is aimed for upper layer
processing from the wpa_supplicant control interfaces is generated in
p2p_supplicant.c.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-05-18 16:06:40 +03:00
Jouni Malinen
47bfe49c31 Add wpa_msg_global() for global events
This function can be used instead of wpa_msg() and wpa_msg_ctrl() to
indicate that an event is not specific to a network interface.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-05-18 14:19:24 +03:00
Jouni Malinen
d2a9e2c76d Abstract and Android sockets for global ctrl_iface
The wpa_supplicant global control interface parameter can now be used to
explicitly specify an abstract UNIX domain socket (Linux specific
extension) with "@abstract:" prefix and an Android control socket with
"@android:" prefix.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-05-18 11:42:09 +03:00
Jouni Malinen
058c8636a7 FT RRB: Fix a memory leak on error path
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-05-18 09:49:26 +03:00
Suryadevara Sudheer
c6ccf12d3f P2P: Use preferred channel list during GO creation
This extends support for p2p_pref_Chan configuration parameter for
autonomous GO creation.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-05-17 11:27:02 +03:00
Suryadevara Sudheer
6d956c4064 P2P: Re-select channel in invitation case with peer info
Allow invitation exchange to update operating channel selection after
peer channel list has been received similarly to how GO negotiation was
handled.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-05-17 11:18:02 +03:00
Vinayak Kamath
65bcd0a92d WNM: Add sending of BSS Transition Management Query
The new control interface command can be used to send a
BSS Transition Management Query frame to the current AP.

Signed-hostap: Vinayak Kamath <vkamat@codeaurora.org>
2013-05-16 17:50:31 +03:00
Vinayak Kamath
e27d20bb68 WNM: Add neighbor report processing for BSS Transition Management
Process the neighbor report received in BSS Management Request frames.

Signed-hostap: Vinayak Kamath <vkamat@codeaurora.org>
2013-05-16 17:48:59 +03:00
Jouni Malinen
0af2db7478 edit: Fix libreadline history clearing with WPA_TRACE
The HIST_ENTRY and its variables are allocated within libreadline, so
they won't have the WPA_TRACE special header and cannot be freed with
os_free(). Use free() to avoid issues during wpa_cli termination if any
of the new commands added to the history are to be removed (e.g.,
set_network could include a password).

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-05-14 16:46:38 +03:00
Jouni Malinen
455299fb40 nl80211: Fix foreign address filtering for MLME frame events
Commit 97279d8d1a started filtering MLME
frame events based on Address 1 (destination) field. This works fine for
frames sent to us, but it did filter out some corner cases where we
actually want to process an event based on a frame sent by us. The main
such case is deauthentication or disassociation triggered by something
external to wpa_supplicant in the system. Fix this by accepting events
for frames where either Address 1 or 2 (transmitter) matches the
interface address.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-05-13 11:53:21 +03:00
Paul Stewart
7c0e1e2757 tls_openssl: Store TLS context per-connection
Store context for each tls_init() caller, so events are generated for
the correct wpa_s instance. The tls_global variable is retained for
older OpenSSL implementations that may not have app-data for SSL_CTX.

Signed-hostap: Paul Stewart <pstew@chromium.org>
2013-05-10 00:22:08 +03:00
Simon Wunderlich
b113a171ac DFS: Add ieee80211h hostapd configuration parameter
This patch is based on the original work by Boris Presman and
Victor Goldenshtein. Channel Switch Announcement support has been
removed and event handling as well as channel set handling was
changed, among various other changes.

Cc: Boris Presman <boris.presman@ti.com>
Cc: Victor Goldenshtein <victorg@ti.com>
Signed-hostap: Simon Wunderlich <siwu@hrz.tu-chemnitz.de>
2013-05-09 20:14:53 +03:00
Simon Wunderlich
695c70381f nl80211: Add driver_ops for stopping AP beaconing
This can be used to stop AP mode beaconing temporarily, e.g., in
response to a radar detected event.

This patch is based on the original work by Boris Presman and
Victor Goldenshtein. Channel Switch Announcement support has been
removed and event handling as well as channel set handling was
changed, among various other changes.

Cc: Boris Presman <boris.presman@ti.com>
Cc: Victor Goldenshtein <victorg@ti.com>
Signed-hostap: Simon Wunderlich <siwu@hrz.tu-chemnitz.de>
2013-05-09 20:06:33 +03:00
Simon Wunderlich
f90e9c1c8b nl80211: Add driver_ops for starting radar detection
This patch is based on the original work by Boris Presman and
Victor Goldenshtein. Channel Switch Announcement support has been
removed and event handling as well as channel set handling was
changed, among various other changes.

Cc: Boris Presman <boris.presman@ti.com>
Cc: Victor Goldenshtein <victorg@ti.com>
Signed-hostap: Simon Wunderlich <siwu@hrz.tu-chemnitz.de>
2013-05-09 20:05:01 +03:00
Simon Wunderlich
fc96522eb9 nl80211: Add channel flags for DFS state information
This patch is based on the original work by Boris Presman and
Victor Goldenshtein. Channel Switch Announcement support has been
removed and event handling as well as channel set handling was
changed, among various other changes.

Cc: Boris Presman <boris.presman@ti.com>
Cc: Victor Goldenshtein <victorg@ti.com>
Signed-hostap: Simon Wunderlich <siwu@hrz.tu-chemnitz.de>
2013-05-09 20:02:57 +03:00
Simon Wunderlich
f295d0c86a nl80211: Add driver capability flag for radar detection
This patch is based on the original work by Boris Presman and
Victor Goldenshtein. Channel Switch Announcement support has been
removed and event handling as well as channel set handling was
changed, among various other changes.

Cc: Boris Presman <boris.presman@ti.com>
Cc: Victor Goldenshtein <victorg@ti.com>
Signed-hostap: Simon Wunderlich <siwu@hrz.tu-chemnitz.de>
2013-05-09 19:59:47 +03:00
Simon Wunderlich
04be54fa09 nl80211: Add driver events for radar detection
This patch is based on the original work by Boris Presman and
Victor Goldenshtein. Channel Switch Announcement support has been
removed and event handling as well as channel set handling was
changed, among various other changes.

Cc: Boris Presman <boris.presman@ti.com>
Cc: Victor Goldenshtein <victorg@ti.com>
Signed-hostap: Simon Wunderlich <siwu@hrz.tu-chemnitz.de>
2013-05-09 19:59:40 +03:00
Simon Wunderlich
a7505b1775 eloop: Allow to run event loop multiple times in a row
DFS implementation requires to run an eventloop while monitoring
the Channel Availability Check (CAC). After that, the "real" event
loop is started, and should not fail doing so.

Signed-hostap: Simon Wunderlich <siwu@hrz.tu-chemnitz.de>
2013-05-09 16:42:14 +03:00
Sunil Dutt
55293aaf4e TDLS: Do not overwrite the reason code in the Tear Down Request
The reason code for the teardown request is overwritten for open
mode. This commit removes the code that does so by reverting parts
of commit 0cb12963b6.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-05-07 16:27:31 +03:00
Jouni Malinen
03565bc2d6 Synchronize with wireless-testing.git include/uapi/linux/nl80211.h
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-05-06 15:59:49 +03:00
Jouni Malinen
f11b72c3e9 TDLS: Move AID=1 workaround into driver_nl80211.c
The use of AID=1 for the nl80211 dummy STA case is specific to the
driver (cfg80211), so better move this into the driver wrapper instead
of generic TDLS implementation.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-05-06 15:57:03 +03:00
Sunil Dutt
785336998d TDLS: Pass peer's AID information to kernel
The information of the peer's AID is required for the driver to
construct partial AID in VHT PPDU's. Pass this information to the driver
during add/set station operations (well, as soon as the information is
available, i.e., with set station operation currently).

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-05-06 15:47:44 +03:00
Jouni Malinen
ad0685e901 edit: Fix history processing on running old command
currbuf_valid needs to be cleared when an old command from history is
processed to avoid leaving a bogus entry that makes history_prev() skip
the last entry in history.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-05-05 13:09:55 +03:00
Jouni Malinen
11e5a49c28 WPS: Do not use void* in arithmetic
This is a C compiler extension and not needed, so replace with standard
compliant way of calculating the pointer.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-05-04 20:19:45 +03:00
Jouni Malinen
048edb1070 Revert "nl80211: Add nla_put_u32() wrapper for Android"
This reverts commit df2f9ec6b2.

The current AOSP snapshot for JB includes nla_put_u32(), so this is not
needed anymore and is also causing linking issues due to duplicated
definition.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-05-04 20:19:43 +03:00
Johannes Berg
8543ed8a37 WPA: Print pairwise EAPOL-Key flag as a bool
Since "pairwise" is defined as an integer, the current assignment leads
to it having the value 0 or 8, which is a bit strange in debug output:

WPA: Send EAPOL(version=2 secure=1 mic=1 ack=1 install=1 pairwise=8
kde_len=46 keyidx=2 encr=1)

Use !!(...) to normalize it to 0 or 1.

Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2013-05-04 11:48:57 +03:00
Johannes Berg
7af092a015 hostapd: Add Key MIC in group EAPOL-Key frames corruption test option
For some testing it can be useful to force the Key MIC in group
EAPOL-Key frames to be corrupt. Add an option to allow setting a
probability for corrupting the Key MIC and use it in the WPA code,
increasing the first byte of the MIC by one to corrupt it if desired.

Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2013-05-04 11:45:03 +03:00
Ilan Peer
b691dcb129 nl80211: Fix max_remain_on_chan capability reading
In case that NL80211_PROTOCOL_FEATURE_SPLIT_WIPHY_DUMP is supported,
wiphy_info_handler() is called several times, where
NL80211_ATTR_MAX_REMAIN_ON_CHANNEL_DURATION is present only in one
of these calls. Thus capa->max_remain_on_chan is overridden in
all other calls.

Fix it so the default value is set only after all the wiphy info was
received.

Signed-hostap: Ilan Peer <ilan.peer@intel.com>
2013-05-04 11:28:54 +03:00
Jouni Malinen
b57b560034 wpa_supplicant: Default to nl80211 instead of wext
nl80211 has obsoleted WEXT as the preferred kernel interface for
controlling wireless drivers. Update wpa_supplicant driver interface
list order so that nl80211 gets used first if both nl80211 and wext
interfaces are included in the build. In addition, update README to
reflect the fact that WEXT is obsolete.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-04-29 16:55:44 +03:00
Jouni Malinen
c64686229f WPS ER: Allow UPnP interface to be forced
"WPS_ER_START ifname=<interace>" can now be used to force a specific
interface to be used for UPnP operations. This is especially useful for
automated test cases where the lo interface can now be used easily to
perform ER operations.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-04-28 21:56:24 +03:00
Ben Greear
728d97171b Use status code 17 (unable to handle new STA) on max-STA limitation
This is more useful information than the previously used value 1
(unspecified failure).

Signed-hostap: Ben Greear <greearb@candelatech.com>
2013-04-28 16:45:55 +03:00
Jouni Malinen
5e24dc8a4b Add dup_binstr() to help common binary string tasks
There are quite a few places in the current implementation where a nul
terminated string is generated from binary data. Add a helper function
to simplify the code a bit.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-04-27 23:44:59 +03:00
Jouni Malinen
2c48211c49 FT RRB: Validate os_malloc() return value before using it
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-04-27 23:05:15 +03:00
Michael Braun
7ca902b53e Make vlan_file optional if dynamic_vlan is used
My APs generate their configuration on their own using a different
number of (vlan-enabled) bss. Currently, all my vlan_file files consist
of a single line: the wildcard line. Configuration file generation would
be easier, if the hostapd configuration file would not depend on those
simple vlan_file files.

This patch removes the need for those one-line files by using the
<device>.<vlan> naming scheme if no vlan_file is given (or that file is
empty). This should not break any existing setup, as using dynamic_vlan
with no vlan configured does not make sense anyway.

Signed-hostap: Michael Braun <michael-dev@fami-braun.de>
2013-04-27 22:53:34 +03:00
Jouni Malinen
bdb112d35f Add bitfield routines
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-04-27 22:16:40 +03:00
Jouni Malinen
fe904963d0 WPS: Fix AP auto configuration on config token generation
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-04-27 22:14:56 +03:00
Jouni Malinen
8f7a6dd7d0 WPS NFC: Allow Device Password ID override for selected registrar
When a specific out-of-band Device Password is enabled, it can be useful
to be able to advertise that in the selected registrar information.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-04-27 22:14:31 +03:00
Jouni Malinen
aaecb69d87 WPS: Use generic MAC Address attribute builder
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-04-27 22:13:36 +03:00
Jouni Malinen
9ccd916504 P2P: Clean up channel--frequency conversion functions
All P2P use cases are required to use the global operating table and
there is no need to need to try to maintain some backwards compatibility
with country code -specific values. Clean up the implementation by
removing the unnecessary country parameter.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-04-27 22:12:13 +03:00
Jouni Malinen
e864c0aefe Use a common frequency to channel conversion function
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-04-27 22:11:51 +03:00
Deepthi Gowri
02db75b6c2 FT: Reset FT flag upon STA deauthentication
Reset ft_completed if STA receives deauthentication
between FT reassoc success and the subsequent initial
mobility authentication and association.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-04-26 17:56:24 +03:00
Jouni Malinen
7800d45c71 P2P: Set P2P_DEV_PEER_WAITING_RESPONSE from TX status callback
Commit fb8984fd6f added a mechanism to
skip the Listen state when the peer is expected to be waiting for us to
initiate a new GO Negotiation. However, this flag was set when building
the GO Negotiation Response frame with status 1 regardless of whether we
managed to send that frame or peer receive it. This could result in GO
Negotiation failures in cases where the peer did not receive the
response and Listen channels of the devices were different. Fix this by
setting the flag only after TX status indicating success has been
received.

This fixes frequent failures shown for the test_grpform_pbc hwsim test
case.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-04-26 12:57:52 +03:00
Shijie Zhang
d78d3c6190 EAP peer: Add check before calling getSessionId method
We should not call getSessionID method if it's not provided. This fixes
a regression from commit 950c563076 where
EAP methods that did not implement getSessionId resulted in NULL pointer
dereference when deriving the key.

Signed-off-by: Shijie Zhang <shijiez@qca.qualcomm.com>
2013-04-26 12:30:01 +03:00
Jouni Malinen
97279d8d1a nl80211: Drop frame events that are for foreign address
This avoids duplicate processing of events when multiple BSSes are
configured.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-04-24 01:02:01 +03:00
Jouni Malinen
cc2ada868e nl80211: Reduce debug on Probe Request frames
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-04-24 01:01:21 +03:00
Jouni Malinen
63a965c313 P2P: Fix after_scan_tx processing during ongoing operations
When Action frame TX is postponed until a pending p2p_scan completes,
there may be additional operations that need to be continued after the
postponed Action frame TX operation completes. Fix this by starting
pending operation (if any) from TX status event for after_scan_tx
frames.

This fixes common errors seen with the test_discovery hwsim test case.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-04-23 21:15:54 +03:00
Paul Stewart
754632c965 dbus_new: Add EAP logon/logoff
Add "EAPLogoff" and "EAPLogon" interface DBus commands which
parallel the "logoff" and "logon" wpa_ctrl commands which terminate
and restart EAP authentication.  Slightly enhance the "logon" case
by expiring any running "startWhile" timer.

Signed-hostap: Paul Stewart <pstew@chromium.org>
2013-04-23 17:57:55 +03:00
Johannes Berg
c2aff6b1d1 hostapd: Add some testing options
In order to test clients in scenarios where APs may (randomly)
drop certain management frames, introduce some testing options
into the hostapd configuration that can make it ignore certain
frames. For now, these are probe requests, authentication and
(re)association frames.

Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2013-04-23 17:51:28 +03:00
Dmitry Shmidt
e6304cad47 wpa_supplicant: Add option -I for additional config file
This option can be used only for global parameters that are not going
to be changed from settings.

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
Signed-off-by: Iliyan Malchev <malchev@google.com>
2013-04-23 17:38:57 +03:00
Johannes Berg
adc96dc2ad nl80211: Fix nla_nest_start conversion
Dmitry reported that the kernel could no longer parse the
scheduled scan attributes correctly after my patch to use
nla_nest_start/nla_nest_end. The reason is that the wrong
attribute is closed I accidentally made it close the full
scan config instead of just the SSID match set.

Reported-by: Dmitry Shmidt <dimitrysh@google.com>
Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2013-04-23 17:19:20 +03:00
Chris Hessing
c7a39ba4e1 Provide TLS alerts to CLI/UI over control interface
Harmonize EAP status events over control interface to provide same
functionality as existing D-Bus callback.

Signed-hostap: Chris Hessing <chris.hessing@cloudpath.net>
2013-04-23 16:46:02 +03:00
Jouni Malinen
75fa7d19a4 TDLS: Fix key configuration with current mac80211
A kernel commit ("mac80211: fix FT roaming") started validating that the
STA entry is marked associated when adding a key. While this is needed
to fix some FT use cases with hardware crypto, it has a side effect of
breaking TDLS key configuration. Work around this by trying to
re-configure the key for the direct link after the STA entry has been
set with all information. In addition, try to tear down the link if
anything goes wrong in key configuration (if both attempts fail) or
enabling the link in the driver.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-04-03 18:39:10 +03:00
Jouni Malinen
88c8bf311e WPS NFC: Allow configuration token to be built from network block
"WPS_NFC_CONFIG_TOKEN <WPS/NDEF> <network id>" can now be used to build
an NFC configuration token from a locally configured network.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-04-01 21:28:57 +03:00
Jouni Malinen
e205401c72 WPS ER: Allow Enrollee to be specified with MAC address
wps_er_pbc and wps_er_pin can now be used with both the UUID and MAC
Address of the Enrollee.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-04-01 20:52:44 +03:00
Jouni Malinen
59307b3007 WPS ER: Allow AP to be specified with BSSID
This extends the WPS ER commands that previously accepted only UUID as
an identifier for an AP to use either UUID or BSSID for this.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-04-01 20:32:09 +03:00
Jouni Malinen
49e160a58d WPS: Fix use of pre-configured DH keys with multiple operations
wps_build_public_key() takes the dh_ctx into use and another attempt to
use the same DH keys fails with wps->dh_ctx being set to NULL. Avoid
this by using the DH parameters only if dh_ctx is valid. This fixes
cases where a use of local pre-configured DH keys followed by an
operating using peer DH keys would faild due to unexpected attempt to
use local keys again.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-04-01 19:30:34 +03:00
Jouni Malinen
5c9d63d46f WPS: Be more careful with pre-configured DH parameters
Make the implementation more robust against error cases with
pre-configured DH parameters.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-04-01 19:27:32 +03:00
Jouni Malinen
3db5439a5f Optimize Extended Capabilities element to be of minimal length
Leave out zero octets from the end of the element.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-03-31 21:58:17 +03:00
Johannes Berg
8cd6b7bce8 hostapd/wpa_s: Use driver's extended capabilities
Some extended capabilities (I'm currently interested in "Operating Mode
Notification" for VHT) are implemented by the kernel driver and exported
in nl80211. Use these in hostapd/wpa_supplicant.

Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2013-03-31 21:51:44 +03:00
Jouni Malinen
ab547b5857 WPS: Add more helpful debug for invalid WPS_REG command parsing
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-03-31 12:34:35 +03:00
Jouni Malinen
a679c0f284 WPS: Allow hostapd process to control independent WPS interfaces
The new wps_independent=1 configuration parameter can be used to remove
interfaces from the shared hostapd process WPS control (i.e., to apply
WPS operations only to a subset of interfaces instead of all).

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-03-31 12:34:35 +03:00
Jouni Malinen
ccdff94035 WPS AP: Add support for reconfiguration with in-memory config
This allows WPS to update AP configuration in the case no hostapd
configuration file is used (i.e., dynamic configuration through the
control interface).

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-03-31 12:34:35 +03:00
Johannes Berg
8970bae806 nl80211: Use nla_nest_start/end instead of nla_put_nested
Instead of allocating a new message and then moving that into
the message being built, use nla_nest_start() and put the data
into the message directly.

Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2013-03-30 20:37:44 +02:00
Chaitanya TK
558d69e3ba P2P: Omit P2P Group Info in case of no connected peers
As per P2P specification v1.2: "The P2P Group Info attribute shall be
omitted if there are zero connected P2P Clients."

Do not add the attribute if there are not connected peers.

Signed-hostap: Chaitanya T K <chaitanya.mgit@gmail.com>
2013-03-30 20:08:42 +02:00
Michael Braun
65a32cdbcb AP: Fix infinite loop in WPA state machine when out of random bytes
When the OS is out of random bytes in SM_STATE(WPA_PTK, AUTHENTICATION2)
in ap/wpa_auth.c, hostapd sends the sm to state DISCONNECT without
clearing ReAuthenticationRequest, resulting in an infinite loop.
Clearing sm->ReAuthenticationRequest using gdb fixes the running hostapd
instance for me. Also sm->Disconnect = TRUE should be used instead of
wpa_sta_disconnect() to make sure that the incomplete ANonce does not
get used.

Fix this issue by resetting sm->ReAuthenticationRequest even if the STA
gets disconnected and use sm->Disconnect instead of
wpa_sta_disconnect().

Signed-hostap: Michael Braun <michael-dev@fami-braun.de>
2013-03-30 19:53:22 +02:00
Jouni Malinen
a5f61b2b87 Fix OLBC non-HT AP detection to check channel
A non-HT capable AP on any channel could have triggered us to enable
protection regardless of own operating channel if the driver delivered
Beacon frames from other channels. The channel detection in ap_list is
not exactly ideal, but most cases can be handled by checking ap->channel
against the currently configured channel (or secondary channel in case
of HT40).

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-03-30 18:05:18 +02:00
Jouni Malinen
69554d78f6 ap_list: Remove unused functions
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-03-30 17:06:50 +02:00